Healthcare Cyberattacks: Convictions Won’t Stop the DDoS Threat
For better or for worse, healthcare providers of all sorts are under a huge cyber-attack threat. Organizations created to take care of the body, ensuring the health and survival of humans are under attack by the very people that they serve.
Attacks on healthcare providers are coming fast and furiously, with law enforcement trying to catch up to the threat. In reality, while attackers may face the threat of prison, healthcare providers cannot rely on the rule of law to keep them safe. This article discusses the threat facing healthcare providers and looks into ways health care providers can mount a defense including preventing a successful denial of service attack.
It’s Against the Law – But Prosecutions Won’t Stop Attacks
The legal system has certainly caught up with the cyberattack risk. Whether it’s hacking or threats like persistent DDoS attacks law enforcement can identify criminal intent and bring the culprits to justice. One notorious recent example is that of hacktivist Martin Gottesfeld. Many people will argue that Gottesfeld had a good cause, especially when the facts are closely considered.
Whatever the motives for Gottesfeld’s attack, the costs for the healthcare provider involved were immense. With total losses in excess of $600,000, the Boston Children’s Hospital paid a heavy price for the actions of a single person. Yes, one may see Gottesfeld’s activities as armchair activism but the fact that Gottesfeld was prosecuted and found guilty should strongly suggest that his activities were simply criminal.
Yet judging by the explosion of cyberattacks including DDoS attacks it is very clear that the prospect of a criminal prosecution leading to a conviction with a fine or jail time is not providing much of a deterrent. It may be because attackers think they can successfully hide, but the lesson remains that healthcare establishments will need to actively protect themselves against the risk of cyberattacks.
Cyber Attacks and Healthcare: What to Do
Aside from the monetary incentive for criminals (think ransomware), there are also ethical dilemmas in the industry, as the Gottesfeld case proves. It makes for a potent pool of motives. Without a doubt, healthcare providers need to mount a defense. In hedging against cybercrime healthcare providers need to take a two-pronged approach.
Put Up Cyber Defenses
First, defending against successful attacks is essential. Stopping attacks requires a mixed strategy that involves everything from educating company employees on safe computer use (always using strong passwords, avoiding phishing attacks and so forth) while simultaneously mounting effective technological defenses against attacks.
The technology approach should include protection against hacking, while ensuring IT best practice is maintained across the organization, including regular updates of firmware and software. Some aspects need particular focus: DDoS attacks, for example.
Focus Strongly on Preventing DDoS
Hospitals and other health care providers must understand that though protecting against DDoS attacks involves IT expenditure, the costs of a successful DDoS attack can be incredibly high – as shown by the Boston Children’s Hospital example. For this reason, it is without a doubt worth enrolling a very experienced vendor.
Vendors with the right DDoS experience can stop the execution of even the most advanced, multi-tiered DDoS attacks, enabling a healthcare provider to continue to provide services without interruption. Some DDoS attacks can be immense in scope and only a third-party supplier with massive networks can deliver DDoS protection against very determined actors. DDoS vendors that have the right knowledge can ensure that DDoS attacks are a much less potent risk.
Design a backup plan
Even with the best defenses, healthcare providers need to ensure that they are prepared for a cyberattack – or even just downtime due to human error or equipment failure – because patients must be able to rely on medical care. Hospitals, for example, must be able to survive a full system collapse. It is impossible to do so if alternative systems are not planned for.
For example, email is a tool most healthcare providers strongly rely on. Every medical provider should have an alternative system ready to go, even if this involves moving paper around at an inefficient pace. With these alternatives in place any downtime as a result of a cyberattack or another failure can be survivable long enough to restore services.
It is good to see cybercriminals coming to justice and the hope is that with enough of these successful prosecutions a change of opinion will come. But healthcare providers cannot simply rely on the deterrent of a possible persecution: active cyber defenses are essential, and so is a backup plan.
Every provider should evaluate their cyber defenses on a regular basis including protection against hacking, and a highly capable DDoS protection system as DDoS can be one of the costliest attack vectors. Should the worst happen, of course, a backup plan will be able to ensure healthcare providers are able to continue serving their patients.